OWASP Testing Project v2.0 - Now that the The OWASP Testing Guide v2.0 has reached the 'Release Candidate 1 milestone, the time has come to make sure that everything is 100% and that there is nothing major missing (review process ends on the 10th of Feb).

Featured Project: OWASP Live CD

The BETA Release of OWASP LiveCD ready for testing.

This distro is Beta Version 0.8 named "LabRat" and is part of the OWASP Autumn of Code sponsorship. The distro is focused on providing all of OWASP tools and documents on a bootable CD. The goal is to have a portable distro that can be used by professional penetration testers,security admins, Students, or anyone interested in computer security to perform work,training, or research. All you have to do is burn the .ISO to DVD or start under Vmware/Virtual PC and you will have a full Linux desktop environment loaded with OWASP tools and documents.

Application Security News

Web Application Security Professionals Survey (Jan. 2007) - Jeremiah Grossman just released his survey with lots of very interresting data. Make sure you check out section '11) Top 3 web application security resources' which is a nice database of the most popular vulnerability assessment tools and knowledge resources (#1 was RSnake's Blog, and #2 was OWASP :) )

Don't take security advice from the devil you know! - He lies. Especially about security flaws. This article notes an increase in vulnerabilities found in open source packages and concludes that... "For the personal sites and the mom-and-pop stores that rely on the software, it certainly affects them," Martin said. "But larger companies likely aren't affected." Right.